Campcodes Online Examination System Vulnerable to SQL Injection
CVE-2024-4916
9.8CRITICAL
What is CVE-2024-4916?
A vulnerability has been identified in Campcodes Online Examination System 1.0 that allows remote attackers to exploit an SQL injection within the selExamAttemptExe.php file. By manipulating the 'thisId' argument, attackers can inject arbitrary SQL commands into the database, potentially compromising sensitive data and leading to unauthorized data access. This flaw has been disclosed publicly, raising concerns regarding its exploitation by malicious actors.
Affected Version(s)
Online Examination System 1.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
yylm (VulDB User)